To the left of the URL there should be a standard gray padlock, without a warning triangle.

When you hover your mouse over the gray padlock, it should say "Verified by: p11-kit Test Org".

Click on the icon, then click on More Information, then on View Certificate, then on Details. Click on the top certificate (top line) in the Certificate Hierarchy. In the certificate fields there should be a line that says: "System Trust:p11-kit Test CA"

Messages that Firefox prints on the console are probably unrelated to this test, unless they say "p11-kit".

The other tests below require extraction of the system ca-trust compatibility bundles:

$ sudo update-ca-trust

This extracts the new bundles so that GnuTLS, OpenSSL, Java and so on can make use of them.